Security Advisory

CVE-2021-47738

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-23 19:34:10

Last updated 2026-04-07 14:05:52

Assigner VulnCheck

State PUBLISHED

Description

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.

← Browse all CVEs View on cve.org ↗